Tekniikka/Varmenne

Kohteesta DigiWiki
Siirry navigaatioon Siirry hakuun


Älykortit

Varmenteen luku älykortilta vaatii tausta-ajossa pcscd palvelun ja pkcs15-tool ohjelman joka tulee OpenSC pakettien mukana.

Varmenteiden listaus

% pkcs15-tool -c
Using reader with a card: Gemalto PC Twin Reader (DF244A22) 00 00
X.509 Certificate [todentamis- ja salausvarmenne]
        Object Flags   : [0x0]
        Authority      : no
        Path           : 3f004331
        ID             : 45
        Access Rules   : read:<always>;
        Encoded serial : 02 04 3BA8D0D3
X.509 Certificate [allekirjoitusvarmenne]
        Object Flags   : [0x0]
        Authority      : no
        Path           : 3f0050164332
        ID             : 46
        Access Rules   : read:<always>;
        Encoded serial : 02 04 3BA8D0D0
X.509 Certificate [VRK Gov. Root CA]
        Object Flags   : [0x0]
        Authority      : yes
        Path           : 3f004334
        ID             : 48
        Access Rules   : read:<always>;
        Encoded serial : 02 03 0186A0
X.509 Certificate [VRK Gov. CA for Citizen Qualified Certificates]
        Object Flags   : [0x0]
        Authority      : yes
        Path           : 3f004333
        ID             : 47
        Access Rules   : read:<always>;
        Encoded serial : 02 03 018899

Varmenteet on numeroitu ID tunnisteella.

Avaimen luku

$ % pkcs15-tool -r 45
Using reader with a card: Gemalto PC Twin Reader (DF244A22) 00 00
-----BEGIN CERTIFICATE-----
MIIGGDCCBQCgAwIBAgIEO6jQ0zANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMC
RkkxEDAOBgNVBAgTB0ZpbmxhbmQxITAfBgNVBAoTGFZhZXN0b3Jla2lzdGVyaWtl
c2t1cyBDQTEkMCIGA1UECxMbVmFsdGlvbiBrYW5zYWxhaXN2YXJtZW50ZWV0MTcw
NQYDVQQDEy5WUksgR292LiBDQSBmb3IgQ2l0aXplbiBRdWFsaWZpZWQgQ2VydGlm
aWNhdGVzMB4XDTExMDQyOTA5MDUwMVoXDTE2MDQyODIxNTk1OVowYzELMAkGA1UE
BhMCRkkxEjAQBgNVBAUTCTEwMDAwMzUwWDENMAsGA1UEKhMESlVIQTEQMA4GA1UE
BBMHVFVPTUFMQTEfMB0GA1UEAxMWVFVPTUFMQSBKVUhBIDEwMDAwMzUwWDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK/nA02UmL98mepeTkIgt/z7rsyN
RgAelBN9ZiBWk9m/IdVvqbbVpyRTJ02Yt7jRErZM0+vS5H8F7v6Qi3p9RN2H0wIY
PuAbw1GBWrLYAuOqVqcEw/EEnwv9nYANid4RZE+bowwNteRiEUxiPoRcR4Z2P4uX
Re+jibWi+9iwYNaRygPklInX6dRJHxFZDqft5N2LQQhhzYfAIVAMXjQSx9SF7nYf
ZQYAcIwO3jZ4qwoBj7Fp8l/LydLfJwF4+zdI7oIGNWhImqhnzhKPymudqDRyIKvr
AS7PAzJgOKupihZa0/mI7oYioCP+3MW/dWb5RtjzeYu9MYeg6tERy85JfE8CAwEA
AaOCApMwggKPMAwGA1UdEwEB/wQCMAAwgaEGA1UdIASBmTCBljCBkwYJKoF2hAUB
CgIBMIGFMFsGCCsGAQUFBwICME8aTVR1dHVzdHUgdmFybWVubmVwb2xpdGlpa2th
YW4gLSBzZSBjZXJ0aWZpa2F0IHBvbGljeSBodHRwOi8vd3d3LmZpbmVpZC5maS9j
cHMxMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmZpbmVpZC5maS9jcHMxLzBABggr
BgEFBQcBAQQ0MDIwMAYIKwYBBQUHMAKGJGh0dHA6Ly9wcm94eS5maW5laWQuZmkv
Y2EvdnJrY3FjLmNydDARBglghkgBhvhCAQEEBAMCBaAwHgYDVR0RBBcwFYETanVo
YS50dW9tYWxhQGlraS5maTAOBgNVHQ8BAf8EBAMCBLAwHwYDVR0jBBgwFoAUiFpv
HUJHgob91+kNslfPTVAoBBcwggEUBgNVHR8EggELMIIBBzAsoCqgKIYmaHR0cDov
L3Byb3h5LmZpbmVpZC5maS9jcmwvdnJrY3FjYy5jcmwwgdaggdOggdCGgc1sZGFw
Oi8vbGRhcC5maW5laWQuZmk6Mzg5L2NuJTNkVlJLJTIwR292LiUyMENBJTIwZm9y
JTIwQ2l0aXplbiUyMFF1YWxpZmllZCUyMENlcnRpZmljYXRlcyxvdSUzZFZhbHRp
b24lMjBrYW5zYWxhaXN2YXJtZW50ZWV0LG8lM2RWYWVzdG9yZWtpc3RlcmlrZXNr
dXMlMjBDQSxkbWROYW1lJTNkRklORUlELGMlM2RGST9jZXJ0aWZpY2F0ZVJldm9j
YXRpb25MaXN0MB0GA1UdDgQWBBTrpBk34icBaeKiLEjzSFSCEDR8DzANBgkqhkiG
9w0BAQUFAAOCAQEAQmmsPALeREmd0dZW9FF9uqai7bTyfmd3hX8cgmwSJmpP58cs
kaQMZ4DL9Uo3pO7AU3Io0JQeUc7JC40ecpxAecHqdUcbpKBZfxFfyQ5Evu/OMwGp
+ClDlpgdUnl0dRq96LhX/BE3+qgn3aMJJfqfNuPugsOfN81SlH2K+GChgf1xcqRc
SfSKRTecIv00GHjJzyRRJfMr60/XQwq8wr29yZXHB6s0lF64iv1m/p25F6QomyXi
1dsX/OJ7PodAN2BdTYGgmxl+JYxQlBD7Pj8fd2bgLktV65fs9/NEzaGGB+fLd5O+
naSLIrzqeBIOAom2m5It1LXCgfII6n9ZeIb6cQ==
-----END CERTIFICATE-----

Tulosteen voi myös ohjata suodaan tiedostoon:

openssl -r 45 > juha.tuomala.vrk.pem

Avaimen tulostus ihmisen luettavaksi

% pkcs15-tool -r 45| openssl x509 -text -noout
Using reader with a card: Gemalto PC Twin Reader (DF244A22) 00 00
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1000919251 (0x3ba8d0d3)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=FI, ST=Finland, O=Vaestorekisterikeskus CA, OU=Valtion kansalaisvarmenteet, CN=VRK Gov. CA for Citizen Qualified Certificates
        Validity
            Not Before: Apr 29 09:05:01 2011 GMT
            Not After : Apr 28 21:59:59 2016 GMT
        Subject: C=FI/serialNumber=10000350X, GN=JUHA, SN=TUOMALA, CN=TUOMALA JUHA 10000350X
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:af:e7:03:4d:94:98:bf:7c:99:ea:5e:4e:42:20:
                    b7:fc:fb:ae:cc:8d:46:00:1e:94:13:7d:66:20:56:
                    93:d9:bf:21:d5:6f:a9:b6:d5:a7:24:53:27:4d:98:
                    b7:b8:d1:12:b6:4c:d3:eb:d2:e4:7f:05:ee:fe:90:
                    8b:7a:7d:44:dd:87:d3:02:18:3e:e0:1b:c3:51:81:
                    5a:b2:d8:02:e3:aa:56:a7:04:c3:f1:04:9f:0b:fd:
                    9d:80:0d:89:de:11:64:4f:9b:a3:0c:0d:b5:e4:62:
                    11:4c:62:3e:84:5c:47:86:76:3f:8b:97:45:ef:a3:
                    89:b5:a2:fb:d8:b0:60:d6:91:ca:03:e4:94:89:d7:
                    e9:d4:49:1f:11:59:0e:a7:ed:e4:dd:8b:41:08:61:
                    cd:87:c0:21:50:0c:5e:34:12:c7:d4:85:ee:76:1f:
                    65:06:00:70:8c:0e:de:36:78:ab:0a:01:8f:b1:69:
                    f2:5f:cb:c9:d2:df:27:01:78:fb:37:48:ee:82:06:
                    35:68:48:9a:a8:67:ce:12:8f:ca:6b:9d:a8:34:72:
                    20:ab:eb:01:2e:cf:03:32:60:38:ab:a9:8a:16:5a:
                    d3:f9:88:ee:86:22:a0:23:fe:dc:c5:bf:75:66:f9:
                    46:d8:f3:79:8b:bd:31:87:a0:ea:d1:11:cb:ce:49:
                    7c:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Certificate Policies: 
                Policy: 1.2.246.517.1.10.2.1
                  User Notice:
                    Explicit Text: Tutustu varmennepolitiikkaan - se certifikat policy http://www.fineid.fi/cps1
                  CPS: http://www.fineid.fi/cps1/

            Authority Information Access: 
                CA Issuers - URI:http://proxy.fineid.fi/ca/vrkcqc.crt

            Netscape Cert Type: 
                SSL Client, S/MIME
            X509v3 Subject Alternative Name: 
                email:juha.tuomala@iki.fi
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Data Encipherment
            X509v3 Authority Key Identifier: 
                keyid:88:5A:6F:1D:42:47:82:86:FD:D7:E9:0D:B2:57:CF:4D:50:28:04:17

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://proxy.fineid.fi/crl/vrkcqcc.crl

                Full Name:
                  URI:ldap://ldap.fineid.fi:389/cn%3dVRK%20Gov.%20CA%20for%20Citizen%20Qualified%20Certificates,ou%3dValtion%20kansalaisvarmenteet,o%3dVaestorekisterikeskus%20CA,dmdName%3dFINEID,c%3dFI?certificateRevocationList

            X509v3 Subject Key Identifier: 
                EB:A4:19:37:E2:27:01:69:E2:A2:2C:48:F3:48:54:82:10:34:7C:0F
    Signature Algorithm: sha1WithRSAEncryption
         42:69:ac:3c:02:de:44:49:9d:d1:d6:56:f4:51:7d:ba:a6:a2:
         ed:b4:f2:7e:67:77:85:7f:1c:82:6c:12:26:6a:4f:e7:c7:2c:
         91:a4:0c:67:80:cb:f5:4a:37:a4:ee:c0:53:72:28:d0:94:1e:
         51:ce:c9:0b:8d:1e:72:9c:40:79:c1:ea:75:47:1b:a4:a0:59:
         7f:11:5f:c9:0e:44:be:ef:ce:33:01:a9:f8:29:43:96:98:1d:
         52:79:74:75:1a:bd:e8:b8:57:fc:11:37:fa:a8:27:dd:a3:09:
         25:fa:9f:36:e3:ee:82:c3:9f:37:cd:52:94:7d:8a:f8:60:a1:
         81:fd:71:72:a4:5c:49:f4:8a:45:37:9c:22:fd:34:18:78:c9:
         cf:24:51:25:f3:2b:eb:4f:d7:43:0a:bc:c2:bd:bd:c9:95:c7:
         07:ab:34:94:5e:b8:8a:fd:66:fe:9d:b9:17:a4:28:9b:25:e2:
         d5:db:17:fc:e2:7b:3e:87:40:37:60:5d:4d:81:a0:9b:19:7e:
         25:8c:50:94:10:fb:3e:3f:1f:77:66:e0:2e:4b:55:eb:97:ec:
         f7:f3:44:cd:a1:86:07:e7:cb:77:93:be:9d:a4:8b:22:bc:ea:
         78:12:0e:02:89:b6:9b:92:2d:d4:b5:c2:81:f2:08:ea:7f:59:
         78:86:fa:71